<?php //Daryl Hop Yek

// Start or resume the PHP session. This runs before the markup below because
// the session cookie is sent as a response header, ahead of any output.
// NOTE(review): $_SESSION is not read anywhere in the visible part of this
// page, so the session does not gate the database actions further down;
// confirm whether dbconnect.php enforces a login.
session_start();
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Register</title>
<link href="mainstyles.css" rel="stylesheet" type="text/css" />
</head>

<body>
<a href="index.php"><img src="shark.gif" width="229" height="180" alt="Pshark Icon" style="float:left ; margin-right: 15px; margin-bottom: 15px" /></a><h1>Pshark</h1>
<h2>A Proactive Approach to Preventing Phishing Attacks</h2>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<?php
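include("dbconnect.php");
/*
 * Dispatches the Pshark maintenance action named by the "submit" request
 * field: insert / Update / Delete act on the USER table, Alter / Remove act
 * on the RECORD table. One status word is printed per action.
 *
 * Every request value reaches the database as a bound parameter, never as
 * part of the SQL text, and the SQL statement is no longer echoed into the
 * page (the old debug echo reflected raw request data, including the
 * submitted password, into the HTML).
 *
 * Assumes $dbh, created by dbconnect.php, is a PDO handle; it was already
 * driven through ->exec() here. TODO confirm against dbconnect.php.
 *
 * NOTE(review): nothing visible here checks who is calling. Update takes ID
 * and USERTYPE straight from the request, and Delete / Alter / Remove take
 * ID the same way, so these branches need an authenticated, authorized
 * session check before they run.
 * NOTE(review): the password is stored exactly as submitted. Moving to
 * password_hash()/password_verify() has to be done together with the login
 * code, which is not part of this file.
 * NOTE(review): $_REQUEST also accepts query-string values, so a plain link
 * can trigger a write. Consider limiting these actions to POST with a
 * per-session anti-CSRF token.
 */

// Reads one request field as a string. Missing fields and array-valued
// fields (e.g. name[]=x) both come back as '' instead of being interpolated.
$requestField = function ($name) {
	return (isset($_REQUEST[$name]) && is_string($_REQUEST[$name])) ? $_REQUEST[$name] : '';
};

// Prepares and executes one statement with positional parameters. Returns
// true only when at least one row was affected, which is the same truthiness
// the affected-row count from the former exec() call provided.
$runStatement = function ($dbh, $sql, array $params) {
	$stmt = $dbh->prepare($sql);
	if ($stmt === false) {
		return false;
	}
	return $stmt->execute($params) && $stmt->rowCount() > 0;
};

$action = $requestField('submit');

if ($action === "insert")
{
	// Required registration fields and the label used in each error message.
	$required = array(
		'username'  => 'Login',
		'firstname' => 'First Name',
		'lastname'  => 'Last Name',
		'email'     => 'Email Address',
		'password'  => 'Password',
	);

	$values = array();
	$complete = true;
	foreach ($required as $name => $label)
	{
		$values[$name] = $requestField($name);
		// empty() keeps the original rule: '' and '0' both count as missing.
		if (empty($values[$name]))
		{
			$complete = false;
			echo '<p class = "error">You forgot to enter your ' . $label . '!</p>';
		}
	}

	// If everything is OK, insert entry into database
	if ($complete)
	{
		$sql = "INSERT INTO USER (USERNAME, FIRSTNAME, LASTNAME, EMAIL, PASSWORD, USERTYPE) VALUES (?, ?, ?, ?, ?, 'user')";
		$params = array(
			$values['username'],
			$values['firstname'],
			$values['lastname'],
			$values['email'],
			$values['password'],
		);
		echo $runStatement($dbh, $sql, $params) ? "Done" : "Failed";
		echo "<br />";
		//header("location: index.php");
	}
}
else if ($action === "Update")
{
	$sql = "UPDATE USER SET USERNAME = ?, FIRSTNAME = ?, LASTNAME = ?, EMAIL = ?, PASSWORD = ?, USERTYPE = ? WHERE ID = ?";
	$params = array(
		$requestField('username'),
		$requestField('firstname'),
		$requestField('lastname'),
		$requestField('email'),
		$requestField('password'),
		$requestField('usertype'),
		$requestField('id'),
	);
	echo $runStatement($dbh, $sql, $params) ? "Updated" : "Not updated";
	echo "<br />";
}
else if ($action === "Delete")
{
	$sql = "DELETE FROM USER WHERE ID = ?";
	echo $runStatement($dbh, $sql, array($requestField('id'))) ? "Deleted" : "Not deleted";
	echo "<br />";
}
else if ($action === "Alter")
{
	$sql = "UPDATE RECORD SET URL = ?, DATEENTER = ?, DATEREMOVED = ? WHERE ID = ?";
	$params = array(
		$requestField('url'),
		$requestField('dateenter'),
		$requestField('dateremoved'),
		$requestField('id'),
	);
	echo $runStatement($dbh, $sql, $params) ? "Altered" : "Not altered";
	echo "<br />";
}
else if ($action === "Remove")
{
	$sql = "DELETE FROM RECORD WHERE ID = ?";
	echo $runStatement($dbh, $sql, array($requestField('id'))) ? "Deleted" : "Not deleted";
	echo "<br />";
}
/* close the database connection */
$dbh = null;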

?>